Information Security - Incident Reporting Portal

The Archer GRC Incident Reporting Portal addresses security incident and event reporting requirements for state agencies and institutions of higher education. Each agency and institute of higher education is responsible for assessing the significance of a security incident within its organization and for providing a report to DIR based on the business impact on affected resources and the current and potential technical effect of the incident (e.g., loss of revenue, productivity, access to services, reputation, unauthorized disclosure of confidential information, or propagation to other networks).

Yes. Administrative Rules (1 TAC 202.23/1 TAC 202.73 state: Reports must be sent to DIR on a monthly basis, no later than the nine calendar days after the end of the month. Information shall be reported in the form and manner specified by DIR.

If an agency or institute of higher education does not report after the required date, it will be required to include the information in the next month's report and make note of such submission in the Comments section of the report.

An incident is an adverse event in or affecting an information system, network, and/or workstation, or the threat of the occurrence of such an event.

An event is any observable occurrence in a system, network, and/or workstation. Although natural disasters and other non-security-related disasters (power outages) are also called events, the reporting requirements are for IT-security-related events only. A planned outage is NOT considered an incident or event.

Security incidents that are critical in nature and have a substantial likelihood of being propagated to other systems beyond the control of the agency, should be reported to DIR within 24 hours (in addition to being included in monthly reporting)

For emergency notifications or initial reporting of security incidents meeting 1 TAC 202 criteria, you may use the Archer GRC Incident Reporting Portal or call DIR's Computer Security Incident Response Team (CSIRT) at 512-350-3282. The phone is answered 24 hours a day, 7 days a week.

Yes. Training is available on the Archer GRC Incident Reporting Portal page of DIR’s website. You may also contact the GRC Administrator for information about training.

Yes. The data collected is not shared with other reporting entities, it is treated as confidential in accordance with TGC 2059. DIR provides trending reports and metrics to the Legislature during session.

The requesting agency or institution’s Information Resource Manager (IRM) or Information Security Officer (ISO) can submit a support request form through the Archer GRC Incident Reporting Portal.

Passwords for the Archer GRC Incident Reporting Portal can be changed at any time by editing your User Profile (scroll down the page until you see the Change Password option). You may also contact the GRC Administrator for assistance.